Linux 5.15.8 regression: UBSAN: shift-out-of-bounds in /home/kernel/COD/linux/drivers/gpu/drm/i915/display/intel_opregion.c:388:15
Originally filed here: https://bugzilla.kernel.org/show_bug.cgi?id=215335
Freshly installed kernel 5.15.8 from https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.15.8/ and immediately on boot noticed the following:
[ 1.172982] fb0: switching to i915 from EFI VGA
[ 1.173034] Console: switching to colour dummy device 80x25
[ 1.173051] i915 0000:00:02.0: vgaarb: deactivate vga console
[ 1.175648] i915 0000:00:02.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[ 1.176289] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/tgl_dmc_ver2_12.bin (v2.12)
[ 1.195234] ================================================================================
[ 1.195238] UBSAN: shift-out-of-bounds in /home/kernel/COD/linux/drivers/gpu/drm/i915/display/intel_opregion.c:388:15
[ 1.195240] shift exponent 34 is too large for 32-bit type 'unsigned int'
[ 1.195243] CPU: 1 PID: 213 Comm: systemd-udevd Tainted: G U 5.15.8-051508-generic #202112141040
[ 1.195244] Hardware name: Dell Inc. XPS 13 9310 2-in-1/0W6MV0, BIOS 2.6.0 11/11/2021
[ 1.195245] Call Trace:
[ 1.195247] <TASK>
[ 1.195248] show_stack+0x52/0x58
[ 1.195253] dump_stack_lvl+0x4a/0x5f
[ 1.195256] dump_stack+0x10/0x12
[ 1.195258] ubsan_epilogue+0x9/0x45
[ 1.195260] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xe9
[ 1.195262] ? swsci+0x15a/0x270 [i915]
[ 1.195346] ? icl_ddi_tc_is_clock_enabled+0x4d/0xc0 [i915]
[ 1.195416] intel_opregion_notify_encoder.cold+0x2b/0x45 [i915]
[ 1.195494] intel_sanitize_encoder+0x1e2/0x270 [i915]
[ 1.195560] intel_modeset_setup_hw_state+0x322/0x680 [i915]
[ 1.195622] ? drm_modeset_lock_all_ctx+0x151/0x1c0 [drm]
[ 1.195645] ? drm_warn_on_modeset_not_all_locked.part.0+0x5e/0x90 [drm]
[ 1.195657] intel_modeset_init_nogem+0x2a8/0x510 [i915]
[ 1.195719] ? intel_irq_postinstall+0x38b/0x680 [i915]
[ 1.195766] i915_driver_probe+0x1b7/0x470 [i915]
[ 1.195807] ? mutex_lock+0x13/0x40
[ 1.195811] i915_pci_probe+0x58/0x140 [i915]
[ 1.195851] local_pci_probe+0x48/0x90
[ 1.195855] pci_device_probe+0x115/0x1f0
[ 1.195856] really_probe+0x21b/0x420
[ 1.195860] __driver_probe_device+0x115/0x190
[ 1.195861] driver_probe_device+0x23/0xc0
[ 1.195863] __driver_attach+0xbd/0x1d0
[ 1.195865] ? __device_attach_driver+0x110/0x110
[ 1.195866] bus_for_each_dev+0x7c/0xc0
[ 1.195868] driver_attach+0x1e/0x20
[ 1.195870] bus_add_driver+0x135/0x200
[ 1.195871] driver_register+0x95/0xf0
[ 1.195873] __pci_register_driver+0x68/0x70
[ 1.195875] i915_register_pci_driver+0x23/0x30 [i915]
[ 1.195912] i915_init+0x3b/0xfc [i915]
[ 1.195963] ? 0xffffffffc0988000
[ 1.195964] do_one_initcall+0x46/0x1d0
[ 1.195967] ? kmem_cache_alloc_trace+0x19e/0x2e0
[ 1.195971] do_init_module+0x62/0x280
[ 1.195973] load_module+0xac9/0xbb0
[ 1.195974] __do_sys_finit_module+0xbf/0x120
[ 1.195975] __x64_sys_finit_module+0x18/0x20
[ 1.195976] do_syscall_64+0x59/0xc0
[ 1.195978] ? vfs_read+0xff/0x1a0
[ 1.195980] ? exit_to_user_mode_prepare+0x37/0xb0
[ 1.195983] ? syscall_exit_to_user_mode+0x27/0x50
[ 1.195984] ? __x64_sys_mmap+0x33/0x40
[ 1.195986] ? do_syscall_64+0x69/0xc0
[ 1.195987] ? exit_to_user_mode_prepare+0x37/0xb0
[ 1.195988] ? syscall_exit_to_user_mode+0x27/0x50
[ 1.195989] ? __x64_sys_read+0x19/0x20
[ 1.195990] ? do_syscall_64+0x69/0xc0
[ 1.195991] ? do_syscall_64+0x69/0xc0
[ 1.195992] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1.195994] RIP: 0033:0x7f5f788ee94d
[ 1.195996] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b3 64 0f 00 f7 d8 64 89 01 48
[ 1.195997] RSP: 002b:00007ffda47327d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 1.195999] RAX: ffffffffffffffda RBX: 0000560cb8c314e0 RCX: 00007f5f788ee94d
[ 1.196000] RDX: 0000000000000000 RSI: 0000560cb8c32770 RDI: 0000000000000015
[ 1.196000] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007f5f789e5c60
[ 1.196001] R10: 0000000000000015 R11: 0000000000000246 R12: 0000560cb8c32770
[ 1.196002] R13: 0000560cb8c3a2d0 R14: 0000000000000000 R15: 0000560cb8c2d7d0
[ 1.196003] </TASK>
[ 1.196003] ================================================================================
100% reproducible: I see that flashing up immediately after GRUB on every boot. Does not happen with Linux 5.15.7.